Make A Virtual Machine Your Safe Internet-Browsing Sandbox : Page 3

Browsing unknown Web sites puts your system at risk for malware infection. Using a virtual machine as a sandbox for safer browsing provides an additional layer of security for your machine.

by John Paul Cook

Jan 30, 2006

Using Virtual Machines for Security Analysis

Now that you've seen how to use a virtual machine as a sort of Internet-browsing sandbox, expanding the use of the sandbox may seem logical. Using the "Not connected" network setting and then transferring a suspected malware file into a guest machine with drag and drop would appear to offer a safe environment for analyzing the behavior of the file. This technique might indeed work in many cases, but it could easily fail to detect malware in others. The problem is that a malicious coder can easily add code that checks whether the malware is executing inside a virtual machine. The coder could program the malware to behave safely if it detects that it is running in a virtual environment. Thus, the malware would falsely pass the safety test and then run amok inside the physical machines you wanted to protect.

Some have proposed using virtual machines to host honeypots, another security technique that may seem attractive. Should malware damage the virtual honeypot, the argument goes, the virtual machine can be reset. Once again, the malware can determine whether it's running in a virtual machine and behave differently, which makes the analysis a waste of time.

With these caveats in mind, you should always undo your changes when you browse unknown Web sites. You can't assume that the virtual machine is free of malware just because it appears to be normal.
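
The virtual-machine check described in the two paragraphs above depends on artifacts a default guest exposes. As an added example (not from the original article), the following Python audits a hardware inventory collected from an analysis or honeypot guest and reports which values reveal virtualization; it goes beyond the article's product to other common hypervisors, and the inventory layout, the audit_guest name and both sample inventories are assumptions constructed for illustration.

```python
# Added example: audit what an analysis guest reveals about being virtual.
# The marker strings and MAC prefixes are well-known vendor defaults; the
# inventories below are constructed sample data, not output from real machines.

VM_MAC_PREFIXES = {
    "00:03:ff": "Microsoft Virtual PC",
    "00:15:5d": "Microsoft Hyper-V",
    "00:0c:29": "VMware",
    "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
    "52:54:00": "QEMU/KVM",
}
VM_DMI_MARKERS = ("vmware", "virtualbox", "virtual machine", "qemu", "kvm", "xen")


def audit_guest(inventory):
    """Return (artifact, value, reason) tuples for values that give the guest away."""
    findings = []
    for field, value in inventory.get("dmi", {}).items():
        hit = next((m for m in VM_DMI_MARKERS if m in value.lower()), None)
        if hit:
            findings.append((f"dmi.{field}", value, f"contains '{hit}'"))
    for mac in inventory.get("macs", []):
        # Normalize 00-03-FF-... to 00:03:ff:... and compare the vendor prefix.
        vendor = VM_MAC_PREFIXES.get(mac.lower().replace("-", ":")[:8])
        if vendor:
            findings.append(("mac", mac, f"default {vendor} prefix"))
    if "hypervisor" in inventory.get("cpu_flags", []):
        findings.append(("cpu_flags", "hypervisor", "CPUID hypervisor bit set"))
    return findings


# Constructed inventory for a default-configured guest.
SAMPLE_GUEST = {
    "dmi": {"sys_vendor": "Microsoft Corporation", "product_name": "Virtual Machine"},
    "macs": ["00-03-FF-12-34-56"],
    "cpu_flags": ["fpu", "sse2", "hypervisor"],
}
# Constructed inventory for a physical workstation, for comparison.
SAMPLE_HOST = {
    "dmi": {"sys_vendor": "Dell Inc.", "product_name": "OptiPlex 7010"},
    "macs": ["a4:bb:6d:12:34:56"],
    "cpu_flags": ["fpu", "sse2"],
}

if __name__ == "__main__":
    for name, inv in (("guest", SAMPLE_GUEST), ("host", SAMPLE_HOST)):
        found = audit_guest(inv)
        print(f"{name}: {len(found)} virtualization indicator(s)")
        for artifact, value, reason in found:
            print(f"  {artifact} = {value!r}: {reason}")
```

An empty result only means these default artifacts are absent; it does not show that the guest is indistinguishable from physical hardware.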

Sandboxes for Safe Browsing

No single solution will improve security, and browsing the Internet will always pose risks. By properly configuring virtual machines and using them as sandboxes for safe browsing, you can provide an additional layer of security without high cost and complexity. Unless you have confidence in and can trust the sites you are browsing, browsing within a virtual machine is a prudent approach.